1. Field of the Disclosure
This application generally relates to a preboot environment with a system security check, and related matters.
2. Background of the Disclosure
“Flash memory” is a commonly used term for non-volatile data storage that can be read and written multiple times. Flash memory is often used in devices including memory that can communicate with a computer system using a universal serial bus (USB) protocol, sometimes called “flash drives”, “flash memory devices”, or “USB flash drives”. Flash drives can often maintain relatively large amounts of data, often sufficiently large that operating system software and a suite of application program software can be maintained in the flash memory. Other devices, such as a rewritable compact disc (CD-RW or CD), or such as a rewritable digital video disc (DVD-RW, DVD+RW, or DVD-RAM), can also sometimes maintain relatively large amounts of data.
One consequence of being able to store such relatively large amounts of data is that flash drives might be used to maintain an entire operating environment, including both operating system software and application software, as well as documents or other data in use or saved by a user. An operating environment that can be carried about, often on a key ring or in a pocket, is sometimes called a “portable operating environment”. For example, one such environment is the “Windows to Go”™ environment promoted by Microsoft Corporation of Redmond, Wash. Advantages of portable operating environments include (A) that a user can maintain an entire set of settings for personalized use on any available computer system, and (B) that a user can conduct their computer processing on any available computer system, without leaving personal or otherwise sensitive data for later review by unauthorized persons.
Personal computer systems are often subject to attacks from “malware”, that is, software that is designed to damage the computer system, compromise its security, or otherwise use its resources as they were not intended by the user. For some examples, malware includes computer viruses, “rootkits”, and other threats. Malware has become increasingly adept at hiding and at preventing its removal by tools designed to remove it, including loading itself into critical and privileged system components and hiding from the usual methods that anti-virus products use to detect viruses and other malware. Moreover, at least some malware has become adept at installing itself through new and different techniques, including network connections, removable storage devices, and otherwise.
For example, some rootkits have been known to infect BIOS firmware, which might not be detectable by ordinary anti-virus techniques. Malware has been known to attack infected systems, such as by downloading malicious payloads (including other and further malware), stealing private information (including user identification and passwords), hijacking computer systems (such as for use in generating spam), and allowing malicious persons to remotely terminate operation of the computer system.
While portable operating environments have several advantages, it sometimes occurs that they might be subject to malware that has infected a computer system on which the user desires to run the portable operating environment. In such cases, the portable operating environment might be at risk for itself being infected by the computer system on which the user desires to run the portable operating environment, particularly when the user of the portable operating environment cannot be assured of the security of that computer system. For example, while executing the portable operating environment, the computer system might also be executing malware that can infect the portable operating environment.
One possibility is to include, in the portable operating environment, at least some software that scans for, and possibly removes, malware. The portable operating environment might attempt to clean itself of malware, or possibly might attempt to clean the host computer system of malware as well. While this might achieve the general purpose of searching for and possibly removing malware, it has the drawback that it can be very difficult to detect and remove malware in a then-executing system.
A further possibility is to boot the computer system into a “safe mode”, in which software that scans for malware, and possibly removes it, can freely operate. While this might achieve the general purpose of searching for and possibly removing malware, it might be subject to several drawbacks. (A) Even a “safe mode” might not be free of malware infections. (B) The user might not be familiar with booting the computer system into a distinct environment. (C) While conducting these operations, the user would have unfettered access to privileged portions of the computer system, with the possibility that the user might accidentally or intentionally damage the computer system, and with the possibility that the user would be able to read and copy sensitive information on the computer system (such as files belonging to other users).
Each of these examples, as well as other possible considerations, can cause difficulty in a portable operating environment, particularly when reliability and security of that portable operating environment are important to the user. For example, there is the possibility that the portable operating environment might become infected with malware, or the host computing system might become infected with malware. Each of these possibilities might have a detrimental effect on the value of the computer system and on use of a portable operating environment therewith.